Functional Requirements
|
|
FAU_ARP.1
|
Security Audit Automatic Response
Security Alarms
|
AU-5
|
Response to Audit Processing Failures
|
AU-5 (1)
|
Response to Audit Processing Failures
Audit Storage Capacity
|
AU-5 (2)
|
Response to Audit Processing Failures
Real-Time Alerts
|
AU-5 (3)
|
Response to Audit Processing Failures
Configurable Traffic Volume Thresholds
|
AU-5 (4)
|
Response to Audit Processing Failures
Shutdown on Failure
|
PE-6 (2)
|
Monitoring Physical Access
Automated Intrusion Recognition / Responses
|
SI-3
|
Malicious Code Protection
|
SI-3 (8)
|
Malicious Code Protection
Detect Unauthorized Commands
|
SI-4 (5)
|
Information System Monitoring
System-Generated Alerts
|
SI-4 (7)
|
Information Systems Monitoring
Automated Response to Suspicious Events
|
SI-4 (22)
|
Information Systems Monitoring
Unauthorized Network Services
|
SI-7 (2)
|
Software, Firmware, and Information Integrity
Automated Notifications of Integrity Violations
|
SI-7 (5)
|
Software, Firmware, and Information Integrity
Automated Response to Integrity Violations
|
SI-7 (8)
|
Software, Firmware, and Information Integrity
Auditing Capability for Significant Events
|
FAU_GEN.1
|
Security Audit Data Generation
Audit Data Generation
|
AU-2
|
Audit Events
|
AU-3
|
Content of Audit Records
|
AU-3 (1)
|
Content of Audit Records
Additional Audit Information
|
AU-12
|
Audit Generation
|
FAU_GEN.2
|
Security Audit Data Generation
User Identity Association
|
AU-3
|
Content of Audit Records
|
FAU_SAA.1
|
Security Audit Analysis
Potential Violation Analysis
|
SI-4
|
Information System Monitoring
|
FAU_SAA.2
|
Security Audit Analysis
Profile-Based Anomaly Detection
|
AC-2 (12)
|
Account Management
Account Monitoring / Atypical Usage
|
SI-4
|
Information System Monitoring
|
FAU_SAA.3
|
Security Audit Analysis
Simple Attack Heuristics
|
SI-3 (7)
|
Malicious Code Protection
Non Signature-Based Protection
|
SI-4
|
Information System Monitoring
|
FAU_SAA.4
|
Security Audit Analysis
Complex Attack Heuristics
|
SI-3 (7)
|
Malicious Code Protection
Non Signature-Based Protection
|
SI-4
|
Information System Monitoring
|
FAU_SAR.1
|
Security Audit Review
Audit Review
|
AU-7
|
Audit Reduction and Report Generation
|
FAU_SAR.2
|
Security Audit Review
Restricted Audit Review
|
AU-9 (6)
|
Protection of Audit Information
Read Only Access
|
FAU_SAR.3
|
Security Audit Review
Selectable Audit Review
|
AU-7
|
Audit Reduction and Report Generation
|
AU-7 (1)
|
Audit Reduction and Report Generation
Automatic Processing
|
AU-7 (2)
|
Audit Reduction and Report Generation
Automatic Sort and Search
|
FAU_SEL.1
|
Security Audit Event Selection
Selective Audit
|
AU-12
|
Audit Generation
|
FAU_STG.1
|
Security Audit Event Storage
Protected Audit Trail Storage
|
AU-9
|
Protection of Audit Information
|
FAU_STG.2
|
Security Audit Event Storage
Guarantees of Audit Data Availability
|
AU-9
|
Protection of Audit Information
Alternate audit capability
|
FAU_STG.3
|
Security Audit Event Storage
Action In Case of Possible Audit Data Loss
|
AU-5
|
Response to Audit Processing Failures
|
AU-5 (1)
|
Response to Audit Processing Failures
Audit Storage Capacity
|
AU-5 (2)
|
Response To Audit Processing Failures
Real-Time Alerts
|
AU-5 (4)
|
Response To Audit Processing Failures
Shutdown on Failure
|
FAU_STG.4
|
Security Audit Event Storage
Prevention of Audit Data Loss
|
AU-4
|
Audit Storage Capacity
|
AU-5
|
Response to Audit Processing Failures
|
AU-5 (2)
|
Response To Audit Processing Failures
Real-Time Alerts
|
AU-5 (4)
|
Response To Audit Processing Failures
Shutdown on Failure
|
FCO_NRO.1
|
Non-Repudiation of Origin
Selective Proof of Origin
|
AU-10
|
Non-Repudiation
|
AU-10 (1)
|
Non-Repudiation
Association Of Identities
|
AU-10 (2)
|
Non-Repudiation
Validate Binding of Information Producer
Identity
|
FCO_NRO.2
|
Non-Repudiation of Origin
Enforced Proof of Origin
|
AU-10
|
Non-Repudiation
|
AU-10 (1)
|
Non-Repudiation
Association Of Identities
|
AU-10 (2)
|
Non-Repudiation
Validate Binding of Information Producer
Identity
|
FCO_NRR.1
|
Non-Repudiation of Receipt
Selective Proof of Receipt
|
AU-10
|
Non-Repudiation
|
AU-10 (1)
|
Non-Repudiation
Association Of Identities
|
AU-10 (2)
|
Non-Repudiation
Validate Binding of Information Producer
Identity
|
FCO_NRR.2
|
Non-Repudiation of Receipt
Enforced Proof of Receipt
|
AU-10
|
Non-Repudiation
|
AU-10 (1)
|
Non-Repudiation
Association Of Identities
|
AU-10 (2)
|
Non-Repudiation
Validate Binding of Information Producer
Identity
|
FCS_CKM.1
|
Cryptographic Key Management
Cryptographic Key Generation
|
SC-12
|
Cryptographic Key Establishment and Management
|
FCS_CKM.2
|
Cryptographic Key Management
Cryptographic Key Distribution
|
SC-12
|
Cryptographic Key Establishment and Management
|
FCS_CKM.3
|
Cryptographic Key Management
Cryptographic Key Access
|
SC-12
|
Cryptographic Key Establishment and Management
|
FCS_CKM.4
|
Cryptographic Key Management
Cryptographic Key Destruction
|
SC-12
|
Cryptographic Key Establishment and Management
|
FCS_COP.1
|
Cryptographic Operation
Cryptographic Operation
|
SC-13
|
Cryptographic Protection
|
FDP_ACC.1
|
Access Control Policy
Subset Access Control
|
AC-3
|
Access Enforcement
|
AC-3 (3)
|
Access Enforcement
Mandatory Access Control
|
AC-3 (4)
|
Access Enforcement
Discretionary Access Control
|
AC-3 (7)
|
Access Enforcement
Role-Based Access Control
|
FDP_ACC.2
|
Access Control Policy
Complete Access Control
|
AC-3
|
Access Enforcement
|
AC-3 (3)
|
Access Enforcement
Mandatory Access Control
|
AC-3 (4)
|
Access Enforcement
Discretionary Access Control
|
AC-3 (7)
|
Access Enforcement
Role-Based Access Control
|
FDP_ACF.1
|
Access Control Functions
Security Attribute Based Access Control
|
AC-3
|
Access Enforcement
|
AC-3 (3)
|
Access Enforcement
Mandatory Access Control
|
AC-3 (4)
|
Access Enforcement
Discretionary Access Control
|
AC-3 (7)
|
Access Enforcement
Role-Based Access Control
|
AC-16
|
Security Attributes
|
SC-16
|
Transmission of Security Attributes
|
FDP_DAU.1
|
Data Authentication
Basic Data Authentication
|
SI-7
|
Software, Firmware, and Information Integrity
|
SI-7 (1)
|
Software, Firmware, and Information Integrity
Integrity Checks
|
SI-7 (6)
|
Software, Firmware, And Information Integrity
Cryptographic Protection
|
SI-10
|
Information Input Validation
|
FDP_DAU.2
|
Data Authentication
Data Authentication With Identity of Guarantor
|
SI-7
|
Software, Firmware, and Information Integrity
|
SI-7 (1)
|
Software, Firmware, and Information Integrity
Integrity Checks
|
SI-7 (6)
|
Software, Firmware, And Information Integrity
Cryptographic Protection
|
SI-10
|
Information Input Validation
|
FDP_ETC.1
|
Export from the TOE
Export of User Data without Security Attributes
|
No Mapping.
|
FDP_ETC.2
|
Export from the TOE
Export of User Data with Security Attributes
|
AC-4 (18)
|
Information Flow Enforcement
Security Attribute Binding
|
AC-16
|
Security Attributes
|
AC-16 (5)
|
Security Attributes
Attribute Displays for Output Devices
|
SC-16
|
Transmission of Security Attributes
|
FDP_IFC.1
|
Information Flow Control Policy
Subset Information Flow Control
|
AC-3
|
Access Enforcement
|
AC-3 (3)
|
Access Enforcement
Mandatory Access Control
|
AC-4
|
Information Flow Enforcement
|